Open Forum

Hackers continuously try to break into Microsoft 365 applications and steal information. According to Proofpoint, a cybersecurity company, hackers have been sending phishing emails to various organizations since November 2023. These emails contain fake documents or links that trick the recipients into giving away their Microsoft 365 login credentials. Once the hackers get access to the user accounts, they can:

• Changing the user's multifactor authentication settings to bypass security checks
• Sending more phishing emails to other employees or contacts using Exchange Online
• Stealing sensitive data from Exchange, OneDrive, SharePoint, and other Microsoft 365 apps
• Creating rules to delete any evidence of their actions from the user's mailbox

The adversaries attacked organizations in various regions and industries, such as healthcare, education, finance, and manufacturing. The primary targets were high-level executives, including vice presidents, CFOs, presidents, and CEOs. Proofpoint estimates that dozens of environments and hundreds of individual user accounts have been compromised so far.

The best way to avoid falling victim is to be vigilant and careful when opening emails and clicking on links or attachments. Here are some tips to help you spot and avoid phishing emails:

• Check the sender's address and name. Is it someone you know and trust? Does it match the domain of the organization they claim to represent?
• Look for spelling and grammar mistakes. Phishing emails [still in the ChatGPT era] often contain errors or awkward language that indicate they need to be more legitimate.
• Hover over the links or attachments before clicking on them. Do they lead to the expected website or file? If not, do not click on them.
• Use a strong and unique password for your Microsoft 365 account and change it regularly. Do not reuse the same password for other online accounts or services.
• Enable multifactor authentication for your Microsoft 365 account and any other online accounts that support it. This adds an extra layer of security by requiring a code or a confirmation from your phone or another device when you log in.
• Report any suspicious emails to your IT/Security team. They can help you verify the email's legitimacy and take appropriate action if it is a phishing attempt.

Remember, your online security is your responsibility. 

#ALTACyber

------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
------------------------------

Original Message:
Sent: 2/23/2024 8:51:00 AM
From: Genady Vishnevetsky
Subject: Security BUZZ - Ongoing Azure Compromises Target Senior Execs, Microsoft 365 Apps

Hackers continuously try to break into Microsoft 365 applications and steal information. According to Proofpoint, a cybersecurity company, hackers have been sending phishing emails to various organizations since November 2023. These emails contain fake documents or links that trick the recipients into giving away their Microsoft 365 login credentials. Once the hackers get access to the user accounts, they can:

• Changing the user's multifactor authentication settings to bypass security checks
• Sending more phishing emails to other employees or contacts using Exchange Online
• Stealing sensitive data from Exchange, OneDrive, SharePoint, and other Microsoft 365 apps
• Creating rules to delete any evidence of their actions from the user's mailbox

The adversaries attacked organizations in various regions and industries, such as healthcare, education, finance, and manufacturing. The primary targets were high-level executives, including vice presidents, CFOs, presidents, and CEOs. Proofpoint estimates that dozens of environments and hundreds of individual user accounts have been compromised so far.

The best way to avoid falling victim is to be vigilant and careful when opening emails and clicking on links or attachments. Here are some tips to help you spot and avoid phishing emails:

• Check the sender's address and name. Is it someone you know and trust? Does it match the domain of the organization they claim to represent?
• Look for spelling and grammar mistakes. Phishing emails [still in the ChatGPT era] often contain errors or awkward language that indicate they need to be more legitimate.
• Hover over the links or attachments before clicking on them. Do they lead to the expected website or file? If not, do not click on them.
• Use a strong and unique password for your Microsoft 365 account and change it regularly. Do not reuse the same password for other online accounts or services.
• Enable multifactor authentication for your Microsoft 365 account and any other online accounts that support it. This adds an extra layer of security by requiring a code or a confirmation from your phone or another device when you log in.
• Report any suspicious emails to your IT/Security team. They can help you verify the email's legitimacy and take appropriate action if it is a phishing attempt.

Remember, your online security is your responsibility. 

#ALTACyber

------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
------------------------------